Zero Day Initiative Advisory 12-004
Zero Day Initiative Advisory 12-04 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.
Tags: Apple, Application, exploit, user, Vulnerability
Apple Safari file:// Arbitrary Code Execution
This Metasploit module exploits a vulnerability found in Apple Safari on the OS X platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. To trigger arbitrary remote code execution, the best way seems to be to open a share on the victim machine first (this can be SMB/WebDAV/FTP, or a file format that OS X might automount), and then execute it in /Volumes/[share].
Tags: apple-safari, user, victim
Zero Day Initiative Advisory 10-255
Zero Day Initiative Advisory 10-255 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within quicktime.qtx. When handling the m1s atom, an integer value is used as an offset into a buffer. Minimal validation is done, and an attacker can supply a negative value. This can be used to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
Tags: Apple, exploit, remote-attacker, user